Verify the message using HMAC policy. And convert the known XML data to JSON format without using XML to JSON message policy.
CREATE two Proxies.
1. PROXY - HMACval_(your_name): To generate HMAC value.
The proxy should be attached with
- HMAC policy to generate hmav_value.
- Assign message policy to set hmac_value. To send it back to the consumer.
The consumer sends a request message and a secret key in the query parameter, XML data in the body.
2. PROXY - Auth_xmltojson_(your_name): Authorize the Consumer and convert XML data to JSON format.
The proxy should be attached with
- HMAC policy to verify XML payload.
- Extract and Assing variable policy to convert XML data to JSON format.
The consumer sends a request message with a secret key and hamc_value in the query parameter. and XML data in the body.
Implementation
Create No target API proxy.
Proxyendpoint - Preflow - request - ADD HMAC policy.
HMAC policy code should look like below.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<HMAC name="HMAC-1">
<DisplayName>HMAC-1</DisplayName>
<Algorithm>SHA-256</Algorithm>
<Message ref="request.content"/>
<SecretKey ref="private.secretkey"/>
<Output>hmac_value</Output>
</HMAC>
Proxyendpoint - Preflow - request - ADD Assing variable policy (to construct get the secret key from the consumer by query parameter). Move it to the first policy.
Proxyendpoint - Postflow - Response - ADD assign variable policy (To construct response message with hmac_value).
Assign message policy-2 code should look like below.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="Assign-Message-2">
<DisplayName>Assign Message-2</DisplayName>
<Properties/>
<Set>
<Headers/>
<QueryParams/>
<FormParams/>
<Verb>POST</Verb>
<Payload contentType="application/json">
{
"status": "generated MAC successfully",
"MAC_VALUE": {hmac_value}
}
</Payload>
<Path/>
</Set>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
Save and deploy.
Consumers should send a request message with the secret key (secretkey1: code4545) from the query parameter and XML data from the body.
<!--XML data should be-->
<PrimeCustomer>
<customer>
<ID>434</ID>
<Amount>5600</Amount>
<paymentType>netbanking</paymentType>
</customer>
<customer>
<ID>435</ID>
<Amount>4580</Amount>
<paymentType>card</paymentType>
</customer>
<customer>
<ID>436</ID>
<Amount>2000</Amount>
<paymentType>netbanking</paymentType>
</customer>
<customer>
<ID>437</ID>
<Amount>5000</Amount>
<paymentType>card</paymentType>
</customer>
</PrimeCustomer>
See the output in the postman.
Create No target proxy.
Proxyendpoint - Preflow - request - ADD HMAC policy.
HMAC policy code should look like below.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<HMAC name="HMAC-1">
<DisplayName>HMAC-1</DisplayName>
<Algorithm>SHA-256</Algorithm>
<Message ref="request.content"></Message>
<SecretKey ref="private.secretkey"/>
<VerificationValue encoding="base64" ref="request.header.hmacvalue"/>
</HMAC>
Proxyendpoint - Preflow - request - ADD Assign message policy.
Move Policy to First.
Assign message policy code should look like below.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="Assign-Message-1">
<DisplayName>Assign Message-1</DisplayName>
<Properties/>
<AssignVariable>
<Name>private.secretkey</Name>
<Value/>
<Ref>request.queryparam.secretkey1</Ref>
</AssignVariable>
<Remove>
<QueryParams>
<queryparam name="secretkey1"/>
</QueryParams>
</Remove>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
To convert known XML data to JSON format data without using XML to JSON message policy.
Proxy endpoint - Preflow - Request - ADD Extract Message policy (To extract Values from the XML data).
Extract Message policy code should look like below.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables continueOnError="false" enabled="true" name="Extract-Variables-1">
<DisplayName>Extract Variables-1</DisplayName>
<Properties/>
<Source clearPayload="false">request</Source>
<VariablePrefix>apigee</VariablePrefix>
<XMLPayload stopPayloadProcessing="false">
<Namespaces/>
<Variable name="id1" type="string">
<XPath>//PrimeCustomer/customer[1]/ID</XPath>
</Variable>
<Variable name="id2" type="string">
<XPath>//PrimeCustomer/customer[2]/ID</XPath>
</Variable>
<Variable name="id3" type="string">
<XPath>//PrimeCustomer/customer[3]/ID</XPath>
</Variable>
<Variable name="id4" type="string">
<XPath>//PrimeCustomer/customer[4]/ID</XPath>
</Variable>
<Variable name="amt1" type="string">
<XPath>//PrimeCustomer/customer[1]/Amount</XPath>
</Variable>
<Variable name="amt2" type="string">
<XPath>//PrimeCustomer/customer[2]/Amount</XPath>
</Variable>
<Variable name="amt3" type="string">
<XPath>//PrimeCustomer/customer[3]/Amount</XPath>
</Variable>
<Variable name="amt4" type="string">
<XPath>//PrimeCustomer/customer[4]/Amount</XPath>
</Variable>
<Variable name="pt1" type="string">
<XPath>//PrimeCustomer/customer[1]/paymentType</XPath>
</Variable>
<Variable name="pt2" type="string">
<XPath>//PrimeCustomer/customer[2]/paymentType</XPath>
</Variable>
<Variable name="pt3" type="string">
<XPath>//PrimeCustomer/customer[3]/paymentType</XPath>
</Variable>
<Variable name="pt4" type="string">
<XPath>//PrimeCustomer/customer[4]/paymentType</XPath>
</Variable>
</XMLPayload>
</ExtractVariables>
Construct the JSON message using the values extracted from the XML data.
ProxyEndpoint - Postflow - Response - Add Assign message policy.
Assign message policy code should look like below.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="Assign-Message-2">
<DisplayName>Assign Message-2</DisplayName>
<Properties/>
<Set>
<Headers/>
<QueryParams/>
<FormParams/>
<Verb>POST</Verb>
<Payload contentType="application/json">
{
{
"ID1" : "{apigee.id1}",
"Amount1" : "{apigee.amt1}",
"paymentType1" : "{apigee.pt1}"
},
{
"ID2" : "{apigee.id2}",
"Amount2" : "{apigee.amt2}",
"paymentType2" : "{apigee.pt2}"
},
{
"ID3" : "{apigee.id3}",
"Amount3" : "{apigee.amt3}",
"paymentType3" : "{apigee.pt3}"
},
{
"ID4" : "{apigee.id4}",
"Amount4" : "{apigee.amt4}",
"paymentType4" : "{apigee.pt4}"
}
}
</Payload>
<Path/>
</Set>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
update the proxy endpoint code to check whether verification was successful or failed.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
<PreFlow name="PreFlow">
<Request>
<Step>
<Name>Assign-Message-1</Name>
</Step>
<Step>
<Name>HMAC-1</Name>
</Step>
<Step>
<Name>Extract-Variables-1</Name>
</Step>
</Request>
</PreFlow>
<Flows/>
<PostFlow name="PostFlow">
<Request/>
<Response>
<Step>
<Condition>HMAC.fail = ''</Condition>
<Name>Assign-Message-2</Name>
</Step>
</Response>
</PostFlow>
<HTTPProxyConnection>
<BasePath>/hmacver_xmltojson</BasePath>
</HTTPProxyConnection>
<RouteRule name="noroute"/>
</ProxyEndpoint>
Send the request message along with the secret key in the query parameter, hmac_value in the header, and XML data from the body.
